PREFERENCE PORTABILITY FOR COMPUTING

This application claims the benefit of provisional 
application serial number 60/243,816, filed October 27, 
2000, entitled PORTABLE PRIVACY AND CONFIGURATION FOR 
COMPUTER AND WEB BASED APPLICATIONS, the disclosure of 
which is incorporated herein by reference. 

Field of the Invention 

The present invention relates to portable devices to 
facilitate computing, and in particular, relates to a 
portable device capable of interacting with a computing 
device to facilitate user interaction. 

Background of the Invention 

Using multiple computers and multiple computing 
devices is becoming commonplace. The need or desire for 
people to use more than one computer in addition to 
mobile computing devices, such as personal digital 
assistants (PDAs) and mobile telephones accessing the 
Internet, is increasing for private and business use. 
These users frequently access the Internet and demand 
customization of their computing environments. For 
example, most users customize their desktop and browser
settings to provide a friendly interface as well as make 
favorite web pages readily accessible with organized 
bookmark settings. Unfortunately, such settings 
configured on one computing device are not readily 
portable to other computing devices. The other computing 
devices typically require replicating configuration 
information to arrive at the preferred settings that are 
frequently used. Although users that interact with 
different computing devices on a routine basis would 
often benefit from having customized settings available 
on each device, the limited use on any one computing 
device does not outweigh the time and effort necessary 
for customization. When a user accesses the web from a
public or shared host system, the web browser does not
contain a user's setup and preferences, but rather those
of the host system. In addition, shared access may
compromise the privacy of the owner of the system as well
as that of the user. 

The increase in mobile computing also corresponds to 
concerns about privacy. Administrators of computing 
devices want to make sure that users are authorized to
use the computer and control access to the various
programs and data available from the computer. Second,
users would like the freedom to use computing devices as
desired without leaving readily accessible records of
their activities, which are available by viewing cookies,
computing or browsing histories, and the like.

As such, there is a need for a way to provide 
portability of customization options and settings to 
optimize interactions on multiple computing devices. 
There is a further need to address the privacy and
security issues associated with computing on multiple
computing devices on commercial and personal levels. 

Summary of the Invention 

The present invention relates to a portable device
configured to interact with a number of host computing
devices. The portable device primarily includes memory
having software capable of running on one of the host
computing devices. The memory will be associated with an
interface to facilitate interaction with one or more of
the host computing devices. Although the portable device
is primarily a memory device, the portable memory device 
may include control circuitry to assist in interaction 
with the host computing devices as well as organizing the 
data stored thereon. 

The present invention uses a portable memory device
to directly or wirelessly interact with one or more host
computing devices to provide a customized configuration
for one or more aspects associated with a computing
session. In particular, software on the portable device
will automatically execute on the host computing device
after the host computing device recognizes the presence
of the portable device. The software provides
instructions for the host computing device to launch a
select program on the host computing device and provide a
customized configuration for the program. The
customized configuration is based on information stored
on the portable device. As such, the portable device may
automatically set preferred interface or program
configurations personalized to the user. For example,
the interface settings for a desktop, productivity, or
browser application may be tailored as defined by
information stored on the portable device. Other
settings, such as bookmarks for a browser, may be stored
on the portable device and made available to the program
launched on the host computing device.

Preferably, the portable computing device will
emulate a file system in memory of the host computing
device, such as a hard disk drive, wherein the software
and data appear as a file system or other memory
available to the host computing device. The portable
device may interact with the host computing device
through a direct or wireless interface. Preferably, most
of the information provided on or by the portable device
is encrypted to enhance security. Data compression
techniques are available to maximize the amount of
information capable of being stored on the portable
device.

In addition to customizing select programs launched
on the host computing device, the present invention may
provide an authentication procedure. Authentication may
include receiving authentication indicia from the user
via an interface on the host computing device and
determining if the authentication information received
from the user matches authentication indicia stored on
the portable device. As such, protection is provided to
prevent non-authorized users from using the portable
device. The portable device may also be configured to
remove remnants or records of user interaction during a
computing session from the host computing device to
enhance the privacy associated with the computing
session.

The present invention may be implemented on numerous
types of portable devices as well as in software provided
on a computer readable medium, such as a compact disk,
floppy disk, or the like, capable of being provided to or
stored on the portable device according to the present
invention.

Those skilled in the art will appreciate the scope
of the present invention and realize additional aspects
thereof after reading the following detailed description
of the preferred embodiments in association with the
accompanying drawing figures.

Brief Description of the Drawing Figures 

The accompanying drawing figures incorporated in and
forming a part of the specification illustrate several
aspects of the invention, and together with the
description serve to explain the principles of the
invention.

FIGURE 1 is an illustration of a computing
environment compatible with the operation of the present
invention.

FIGURE 2A illustrates a portable key that is capable
of being inserted into and interacting with multiple
computing devices according to the present invention.

FIGURE 2B is a smart card configured to interact
with multiple computing devices according to the present
invention.



FIGURE 2C is a remote communication device, such as 
a transponder, configured to interact with multiple 
computing devices according to the present invention. 

FIGURES 3A and 3B are a flow chart outlining a basic 
process for interacting with multiple computing devices 
according to the present invention. 

FIGURE 4 illustrates a software architecture 
according to a preferred embodiment of the present 
invention.

FIGURE 5 illustrates an exemplary launching bar 
provided by the present invention. 

FIGURE 6 represents an expansion window associated 
with the launching bar illustrated in Figure 5. 

FIGURE 7 illustrates a preferred service providing a 
content push for the markup language area of the 
launching bar illustrated in Figure 5. 

Detailed Description of the Preferred Embodiments 

The present invention provides a portable memory 
device capable of interfacing with a number of computing 
devices. The portable memory device, referred to 
generally as a key, is preferably configured to provide 
one or more applications capable of running on a 
computing device, generally referred to as a host, to 
facilitate user interaction. Preferably, the user 
interaction is embraced with one or more privacy and 
security measures.

The embodiments set forth below represent the 
necessary information to enable those skilled in the art 
to practice the invention and illustrate the best mode of 
practicing the invention. Upon reading the following 
description in light of the accompanying drawing figures, 
those skilled in the art will understand the concepts of 
the invention and will recognize applications of these 
concepts not particularly addressed herein. It should be
understood that these applications and concepts fall
within the scope of this disclosure and the accompanying
claims.

With reference to Figure 1, a basic representation
of a computing environment consistent with the
implementation of the present invention is illustrated.
At the heart of the invention is the portable memory
device, which is referred to as a key 10. The key 10 is
configured to interact with any number of computing
devices, which are referred to as hosts 12. Each host 12
will typically interact with one or more servers 14 via a
network 16, which may include a local area network (LAN),
the Internet, or a combination thereof.

The key 10 will primarily include memory 18 having
software 20 capable of running on one of the hosts 12,
and data 22. The memory 18 will be associated with a key
interface 24 to facilitate an interface with one or more
of the hosts 12. Although the key 10 is primarily a
memory device, the key may include control circuitry to
assist in interaction with the host as well as organizing
the data 22. Preferably, once an interaction between the
key 10 and a host 12 is established, the memory 18 will
emulate a file system on a memory device, such as a hard
disk drive, accessible by the host 12 wherein at least
certain aspects of the software 20 are capable of running
or executing on the host 12.

In the preferred embodiment, the key 10 will include
four or more megabytes of flash memory and a built-in USB
sleeve interface. When the key 10 is plugged into a USB
port of a host 12, the key 10 will emulate a file system
on a solid state mass storage device, and via plug-and-play
functionality, rely on device drivers that are
typically associated with the host's operating system.
The key 10 is preferably configured for autorun
capability, which may emulate that of a CD-ROM autorun
configuration. This configuration will allow a start-up
application stored on the key 10 to start executing when
the key 10 is plugged in to the USB port of the host 12.
Those skilled in the art will recognize a variety of
configurations for the key 10 wherein when the key 10 is
placed into or associated with the host 12, one or more
applications are automatically executed by the host 12.
The organization of the memory 18 will preferably
resemble a file structure addressable by the host 12.
Preferably, the software 20 will include Java applets,
Active-X components, or the like capable of automatically
running on the host 12 upon engaging the key 10 with the
host 12, or otherwise establishing an interaction between
the two devices. Additional detail is provided below.

The host 12 may take many forms, including a
personal computer (PC), workstation, personal digital
assistant (PDA), notebook computer, web-enabled mobile
telephone, or the like. The host 12, regardless of form,
will typically include a central processing unit (CPU) 26
associated with memory 28 having the requisite software
30 and data 32 for operation. Typically, a user
interface 34 is provided to facilitate interaction with
the host's user, which is preferably the owner of the key
10, who is interacting with the host 12. The CPU 26 is
preferably associated with a key interface 36 to
facilitate interaction with the key 10, and a network
interface 38 to facilitate interaction with any number of
devices associated with network 16, such as the servers
14.

Importantly, the software 20 on the key 10 is
configured to readily execute on the host 12 upon
interface. For example, the key 10 may be compatible
with Windows plug-and-play capability, and the key
interface 24 may be USB compatible, wherein when the key
10 is plugged into the key interface 36 of the host 12,
the host 12 will recognize the key 10 and execute select
applications or functions provided by the software 20 of
the key 10.



The host 12 is preferably configured to access
various servers 14 over the network 16 upon executing
applications or functions of the key 10. These servers
14 may be configured in any number of ways. The servers
14 may be traditional application servers facilitating
the function of the host 12, or may be web servers
capable of downloading markup language content upon
request from a browser running on the host 12.

The server 14 will typically include a CPU 40 having
memory 42 with the requisite software 44 and data 46 to
facilitate operation. The server 14 will typically
include a user interface 48 and a network interface 50
cooperating with the CPU 40. The user interface 48
allows a direct interface with the server 14, wherein the
network interface 50 facilitates interaction with any
number of network devices, including other servers 14 and
hosts 12.

Turning now to Figures 2A-2C, the key 10 may take on
any number of configurations. The preferred embodiment
is shown in Figure 2A wherein the key 10 takes the form
of a physical key-like device 10A capable of being
plugged into a USB port or other readily accessible port
on the host 12. Preferably, the key 10A is light and
portable enough to be carried on a key chain or the like.
Figure 2B represents a smart card 10B capable of carrying
out the concepts of the present invention. The smart
card 10B may be a contact-based or a contactless
(wireless) smart card 10B capable of interacting with the
host 12 as described above. Figure 2C depicts a wireless
communication device 10C, such as a transponder, capable
of facilitating wireless communications with the host 12.
Whereas a physical connection with a key 10 may implement
the Windows plug-and-play interface, a wireless device
10C may incorporate an automatic detection or sensing
technology, such as the discovery process used by
Bluetooth, which is well documented and available to
those skilled in the art. The key 10 may also be
implemented in a wireless personal digital assistant
(PDA), mobile terminal, such as a mobile telephone, or
like portable computing device. The applications or
functions stored on the key 10 and capable of executing
on the host 12 are referred to in general as keylets. As
discussed below, keylets may also reside on a host system
itself, depending on the security level associated with
that host 12. Typically, keylets are assigned a class
indicating the basic functionality of the keylet, and
preferably a security level corresponding to the
functionality of the keylet. The keylets are preferably
Java applets, but may incorporate any software technology
facilitating ready execution on a host 12. The keylets
may provide any number of functions, several of which are
discussed in detail below.

A generic process providing multiple functions is
outlined in the flowchart of Figures 3A and 3B, wherein
user authentication is required before a certain function
or interaction is allowed by the host 12. Further, upon
completion or termination of the interaction or function,
remnants indicative of the user's interaction are removed
from the host 12 to facilitate privacy.

The process begins when the key 10 is inserted into
or placed within communication range of the host 12
(block 100). Preferably, the key 10 is identified (block
102) and the communication interface is configured to
facilitate interaction (block 104). One of the keylets
may be programmed to configure the user's desktop and
basic interface features. For example, the user may have
a keylet configured to set preferred color schemes for
the desktop, provide a select screen saver after a
certain period of dormancy, or activate a particular
application. For example, the user may want a light
green desktop with a screen saver using a favorite
wallpaper after ten minutes of dormancy. Further, the
user may have the keylet automatically configure
Microsoft Outlook to check e-mail from a select pop email
server, as well as launch Microsoft Word and Excel. The
keylet may launch Word and Excel to have the user's
favorite toolbars and settings. Internet Explorer or
other browser may be launched with bookmarks stored on
the portable device. This type of functionality is
available on any host 12 capable of interacting with the
key 10. Preferably, the key 10 is configured to be
readily operable with any number of computing devices
acting as host 12.

Regardless of the function provided, a specific
keylet is typically configured to initially execute on
the host 12 (block 106). Generally, the initial keylet
to execute is a basic keylet requiring little or no
security to execute. The execution of the keylet may
require access to data stored on the key (block 108).
In this example, the initial keylet runs an
authentication routine to ensure that the holder of the
key 10 is authorized to use the key 10 in association
with the host 12 (block 110). Typically, the
authentication routine will provide a user authentication
interface (block 112) requiring a password, logon
information, or biometric indicia from a biometric reader
(not shown) associated with the host 12. In response,
the user will provide authentication indicia to the host
12. The authentication routine, which is running on the
host 12, will receive the authentication indicia from the
user (block 114), and determine if the user is
authenticated (block 116).

If the authentication indicia does not match that
stored on the key 10 or otherwise associated with the
authentication routine (block 116), the keylet may have
the user re-enter the authentication data, or may simply
end the process (block 118). If the user is
authenticated (block 116), one or more additional keylets
based on the user authentication are executed according
to the interaction of the user (block 120). Notably, as
will be discussed in further detail below, the keylets
available for use may be based on a security level
corresponding to the authentication.

During execution of any of the keylets, data may be
accessed from the key 10 as necessary based on the keylet
and the authentication or security level (block 122).
Further, the data 22 stored on the key 10 may be updated
based on the user interaction as desired (block 124).
The user may also be queried to update data 22 on the key
10. Alternatively, keylets may be configured to
automatically update the key 10 without informing the
user. Those skilled in the art will recognize the
various options capable of being provided to the user.

Depending on the keylet being executed, the user may
indicate a desire to end the session, wherein the keylets
or data involved in the interaction may be updated as
necessary. Throughout this process, one or more of the
keylets may monitor for the insertion or loss of presence
of the key 10 (block 126). If the key 10 is not removed
(block 128), the process will repeat. If the key has
been removed (block 128), one or more of the keylets will
preferably continue to run on the host to clean any
residue left from the user interaction (block 130).
Cleansing the residue from the host 12 will preferably
include removing any cookies, histories, information in
cache, or other memory indicative of the user's
interaction. Such a cleansing is also preferable upon a
scheduled termination of the session, wherein the
cleansing will occur upon the user signaling for an end
of the interaction. The automatic cleansing upon removal
of the key 10 is a safeguard for those forgetting to
properly end the session and simply removing the key 10
without providing the host 12 forewarning.

In the preferred embodiment, the key 10 will include
multiple keylets providing various functions. The
keylets may have access to common data files or select,
corresponding data files. An exemplary architecture is
provided in Figure 4 for the key 10 and a server 14
configured to interact with select ones of the keylets
while operating on the host 12. For purposes of
illustration, three keylets are illustrated: auxiliary
keylets 52, core keylets 54, and web keylets 56. Each of
the keylets preferably interacts with a key manager (KM)
application 58 capable of managing interaction among
keylets and between keylets and associated data files:
auxiliary data files 60, core data files 62, and web data
files 64. Depending on the functionality of the keylets
and the business models for marketing keys 10 having the
various keylets, the core keylets may be provided by the
provider or manufacturer of the key 10. The web keylets
56 are particularly configured for interaction with one
or more servers 14 when the keylets are executed on the
host 12.

As illustrated, the server architecture may include
web servlets 66 configured to facilitate interaction
between the web keylets 56 and the web servlets 66
running on server 14 via the network 16. Notably,
servlets 66 are similar to keylets, with the exception
that they are stored and run on the server 14. Notably,
any of the keylets 52, 54, 56 may provide any type of
functionality, and are only illustrated as being
different for the purposes of description. As such, the
auxiliary keylets 52 may be provided by business partners
associated with the providers or makers of the key 10.
The core keylets 54 may provide functionality basic to
the core elements of the key 10, wherein the auxiliary
keylets 52 may provide functionality corresponding to a
particular function associated with the given business.
The auxiliary, core, and web data files 60, 62, 64 are
preferably used to store data used or provided by the
auxiliary, core, and web keylets 52, 54, 56,
respectively. Preferably, the keylets use compression
and encryption techniques to minimize the impact on
memory as well as to provide secure transfer of data
between the executing keylets and the various data files
22 stored on the key 10.

The key manager 58 may also provide various levels
of security for keylets and data files. For example, an
initial security level may allow access only to select
data files and keylets, whereas an authorization
corresponding to a higher-level security may provide
access to all of the data files and use of all of the
keylets. Further examples of security levels and use of
security are described in greater detail below in
association with particular keylets.

The server architecture may include any number of
servlets or services, such as the core services 68 or
third party services 70. The core services 68 may
correspond to the basic functionality of key interaction
and use, wherein the third party services 70 may
correspond to a business partner's application configured
to run in association with the use of a key 10.
Typically, the key manager 58 will interact with the
various keylets using a key manager application program
interface (API) 72, wherein the servlets and services may
interact with each other through an extended API 74. The
types of keylets available are limited only to the types
of functionality required of the key 10. Further,
multiple functions may be provided in a single keylet, or
provided in a corresponding number of keylets, wherein
one function corresponds to one keylet. The following
outlines numerous functions that may be provided by
keylets individually or in combination.

The authentication function is a security feature
that provides for user authentication when accessing a
host 12 or services on the host 12. To access the
authentication function, the user must engage the key 10
with the host 12 by actually plugging the key 10 into the
host 12, or by placing the key 10 within a certain
proximity to the host 12 (wireless). Once the host 12
recognizes the key 10 and executes a keylet providing the
authentication function, the user is preferably queried
to enter a user name and password. Once entered, the
keylet will confirm or deny the user name and password
entered by the user with information stored, and
preferably encrypted, on the key 10. Assuming that the
user name and password are authenticated, access to at
least a portion of the services provided by the key 10,
and perhaps by the host 12, are authorized. Different
passwords and user names may be used in various
combinations to access various levels of security and may
be provided by the key 10. The authentication function
is particularly useful when combined with other functions
provided in the same or different keylets.
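
The authentication flow of blocks 110-120 and the key manager's security levels can be sketched as follows. This is an added example, not code from the specification: it assumes the credential records on the key are stored as salted PBKDF2 digests (the specification says only "preferably encrypted"), and the keylet names, level numbers, attempt limit and iteration count are hypothetical.

```python
import hashlib
import hmac
import os
from dataclasses import dataclass

PBKDF2_ITERATIONS = 100_000  # assumption: the specification names no algorithm


@dataclass(frozen=True)
class Credential:
    """One user name/password record stored on the key (data 22)."""
    user: str
    salt: bytes
    digest: bytes
    level: int  # security level this combination unlocks


@dataclass(frozen=True)
class Keylet:
    name: str
    keylet_class: str  # "core", "auxiliary" or "web", as in Figure 4
    min_level: int     # lowest security level allowed to run it


def _derive(password: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"),
                               salt, PBKDF2_ITERATIONS)


def enroll(user: str, password: str, level: int) -> Credential:
    """Create the record written to the key; the password itself is not kept."""
    salt = os.urandom(16)
    return Credential(user, salt, _derive(password, salt), level)


class KeyManager:
    """Hypothetical key manager: authenticates, then gates keylets by level."""
    MAX_ATTEMPTS = 3  # assumption: re-entry is allowed a few times (block 118)

    def __init__(self, credentials, keylets):
        self._credentials = list(credentials)
        self._keylets = list(keylets)
        self._failures = 0

    def authenticate(self, user: str, password: str) -> int:
        """Return the security level granted; 0 means not authenticated."""
        if self._failures >= self.MAX_ATTEMPTS:
            return 0  # process ended; the key must be re-engaged
        granted = 0
        for cred in self._credentials:
            # Check every record with constant-time comparisons so timing
            # does not reveal which user names exist on the key.
            candidate = _derive(password, cred.salt)
            user_ok = hmac.compare_digest(user.encode(), cred.user.encode())
            pw_ok = hmac.compare_digest(candidate, cred.digest)
            if user_ok and pw_ok:
                granted = max(granted, cred.level)
        self._failures = 0 if granted else self._failures + 1
        return granted

    def available_keylets(self, level: int):
        """Keylets that may execute at this level (block 120)."""
        return sorted(k.name for k in self._keylets if k.min_level <= level)


def build_sample_key() -> KeyManager:
    """Constructed sample data: one user, two passwords, two levels."""
    creds = [enroll("alice", "browse-only", 1),
             enroll("alice", "full-access", 2)]
    keylets = [Keylet("authenticate", "core", 0),   # initial keylet, no security
               Keylet("private_browser", "web", 1),
               Keylet("bookmarks", "core", 1),
               Keylet("e_wallet", "auxiliary", 2)]
    return KeyManager(creds, keylets)


if __name__ == "__main__":
    km = build_sample_key()
    for pw in ("wrong", "browse-only", "full-access"):
        lvl = km.authenticate("alice", pw)
        print(pw, "->", lvl, km.available_keylets(lvl))
```

Because the check runs on the host, the host sees the password the user types; the digests only limit what someone who copies the key's memory learns.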

A second function made possible by the present
invention relates to private and secure Internet access
on multiple hosts 12. When a user normally accesses the
Internet from a public or shared host system, the host's
web browser does not contain the user's normal setup and
preferences found on the user's home PC, but rather those
of the host 12 being used. In addition, shared access
may compromise the privacy of the owner of the host
system as well as that of the user.

With the present function, upon interaction of the
key 10 with the host 12, a "private" web browser is
launched from the host 12 upon execution of the keylet
providing the function. Preferably, the keylet launches
the web browser on the host and causes the web browser to
fetch select information relating to desired settings,
preferences, bookmarks, and the like, from the key 10,
thereby protecting the security and privacy of both the
owner and the user of the system, while allowing the user
to apply his preferences and information for the browsing
event. As noted above, when the user removes the key 10
or otherwise disassociates the key 10 from the host 12,
the same or other keylet will close the browser, and the
temporary environment established for the browsing
session will be cleaned without leaving any traces such
as history, cookies, cache, preferences, etc. The keylet
will also close itself, and preferably operate to
completely remove the keylet, or leave the keylet in such
a state that it is readily erased upon restart or
minimized to the point where information is unavailable
from analyzing the keylet.
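
The temporary browsing environment described above, together with the removal monitoring of blocks 126-130, can be modelled as a session object whose profile directory is destroyed on either an explicit end or loss of the key. This is an added example, not code from the specification: the class, the directory layout and the file names are hypothetical, and the key is modelled as a mounted directory on the host.

```python
import shutil
import tempfile
from pathlib import Path


class PrivateSession:
    """Temporary browsing environment tied to the presence of the key."""
    RESIDUE_DIRS = ("cookies", "history", "cache")  # hypothetical layout

    def __init__(self, key_mount):
        self.key_mount = Path(key_mount)
        if not self.key_mount.is_dir():
            raise FileNotFoundError("key is not present: %s" % self.key_mount)
        # Everything the session writes lives under one throwaway directory,
        # never in the host's own browser profile.
        self.profile = Path(tempfile.mkdtemp(prefix="keysession-"))
        for name in self.RESIDUE_DIRS:
            (self.profile / name).mkdir()
        bookmarks = self.key_mount / "bookmarks.html"
        if bookmarks.is_file():  # preferences are fetched from the key
            shutil.copy2(bookmarks, self.profile / "bookmarks.html")
        self.active = True

    def poll(self) -> bool:
        """One pass of the monitor loop (blocks 126-130).

        Returns True while the session continues, False once it has been
        cleansed because the key disappeared.
        """
        if self.active and not self.key_mount.is_dir():
            self.cleanse()
        return self.active

    def end(self):
        """Scheduled termination, e.g. the user signals an end of session."""
        return self.cleanse()

    def cleanse(self):
        """Remove the session residue; safe to call more than once."""
        removed = []
        if self.profile.exists():
            removed = sorted(p.relative_to(self.profile).as_posix()
                             for p in self.profile.rglob("*") if p.is_file())
            shutil.rmtree(self.profile)
        self.active = False
        return removed


def make_constructed_key() -> Path:
    """Constructed stand-in for the key's emulated file system."""
    key = Path(tempfile.mkdtemp(prefix="key-"))
    (key / "bookmarks.html").write_text("<a href='https://example.org'>x</a>")
    return key


def demo_key_removal():
    """The user pulls the key without ending the session."""
    key = make_constructed_key()
    session = PrivateSession(key)
    (session.profile / "cookies" / "example.org.txt").write_text("sid=constructed")
    with_key = session.poll()
    shutil.rmtree(key)  # simulate removal of the key
    after_removal = session.poll()
    return with_key, after_removal, session.profile.exists()


def demo_end_button():
    """The user ends the session properly; a second cleanse finds nothing."""
    key = make_constructed_key()
    session = PrivateSession(key)
    (session.profile / "cookies" / "example.org.txt").write_text("sid=constructed")
    removed = session.end()
    shutil.rmtree(key)
    return removed, session.profile.exists(), session.end()


if __name__ == "__main__":
    print(demo_key_removal())
    print(demo_end_button())
```

Deleting the profile removes the files from the host's file system only; it does not overwrite the storage blocks that held them.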

Another unique function provided by executing a
particular keylet on a host 12 provides for launching
an interface bar, referred to as a launching bar, with
advertising content as well as a way to access other
functions provided by one or more keylets on the key 10.
A launching bar, generally referred to as 76, is depicted
in Figure 5. Preferably, the launching bar 76 will
appear as or will be closely associated with the web
browser's tool bar and advertising banner.

Although the Internet provides tremendous
opportunity for advertising, there is a need to increase
customer retention by holding advertising content
provided on the browser's advertising banner for a period
of time sufficient for the user to actually view the
advertising, instead of catching only a glimpse while
navigating from one web page to another. Preferably,
when a "private" web browser session is started as
described above, the session will start with a narrow,
fixed markup language frame, as depicted in Figure 5.
The frame may take many forms and may associate itself
with the toolbar or banner of the web browser, or may
actually act as a mini-web page, positioned anywhere on
the screen. Preferably, the frame is configured to
override or otherwise conceal or hide the advertising
normally provided by the web browser or page being
displayed. The frame may include any elements compatible
with the markup language being used, such as GIFs, links,
buttons, banners, text, animation, etc.

As depicted, the launching bar 76 may include a logo
78, a markup language (ML) content area 80, a help button
82, an end button 84, and a launch button 86.
Preferably, the launching bar 76 will redirect uniform
resource locators (URLs) and other web page content
through the launching bar 76, so as not to interfere with
the content intended to be displayed to the user or
functional buttons and drop-down menus provided by the
browser. Preferably, the launching bar 76 will provide
advertising information associated with the provider of
the key 10. As such, the logo area 78 may include a
fixed logo for a company. Notably, the logo remains in
place throughout a browsing session wherein the user is
browsing any number of pages. The markup language
content area 80 may include fixed information provided by
the key 10, select information provided as a web page
from any one of the servers 14, or a combination thereof.
Importantly, the content provided in the markup language
content area 80 may come from a select web page dictated
by information provided in the key 10 and independent of
the actual web page selected by the user. As such, the
provider of the key 10 has multiple opportunities to
provide advertising information to the user during a
browsing session, even when the user is skipping from one
page to another.

The launching bar 76 may act as an interface to the
various functions provided by the keylets on the key 10.
For example, clicking on or otherwise selecting the help
button 82 may invoke a help keylet capable of accessing
help information stored on the key 10. Similarly, the
end button 84 will act to close the launching bar 76, and
preferably, initiate a cleansing function to remove
traces of the user's interaction during the browsing or
computing session.

Typically, the logo area 78 contains a button
displaying the logo of a business. When the button is
clicked, the web page of the business being advertised is
launched. The markup language area 80 may contain a
banner, image, or hyperlink associated with a keylet,
service, or servlet. The markup language area 80 may be
associated with or facilitate the functionality of a
browser. Preferably, clicking on this area will enable a
content push, which is described below in greater detail.
In the preferred embodiment, the launch button 86 is the
only way to launch the various keylets in order to
provide maximum marketing and advertising benefit of the
launching bar 76. Those skilled in the art will
recognize numerous ways to execute keylets and that the
launching of keylets need not be limited to this
preferred mode. When the end button 84 is selected, the
keylet controlling the launching bar 76 will preferably
terminate and end the user session as it is associated
with the key 10. At this time, or when the key 10 is
removed from the host system 12, the launching bar keylet
or associated clean-up keylet will clear the markup
language area 80 and replace it with a notification that
the key 10 has been removed and key termination is in
progress.

The launch button 86 may be configured in a number
of ways. The launch button 86 may be used to simply
select a function provided by one or more of the keylets
or provide a selection window upon activation to display
the various functions available to the user. A selection
window associated with the launching bar 76 is shown in
Figure 6, wherein upon selection of the launch button 86,
a function menu is provided including a selection for "My
Bookmark" 88, "E-Cart" 90, and "E-Wallet" 92. As such,
the launching bar 76 may provide a user interface to the
functions provided by the key 10 as well as the fixed
advertising medium to hold advertising information or
select advertising information independent of the web
page selected by the user.

Another function of the present invention that is 
capable of being provided by executing an appropriate 
keylet on the host 12 operates to manage passwords for 
web-based services. Typically, web users are registered
at multiple web-based services. Some choose to register
by different user names and passwords; consequently, they
often have difficulties recalling their user names and
passwords. Many others solve these problems by reusing
the same user name and password combinations across
multiple sites and services, which creates a risky
security exposure.

The passwords manager function is preferably a Java 
applet that allows a convenient way for a user to store 
his user name and password in an encrypted form on the
key 10. When the user accesses a web site that requires
authentication or the entry of a password, the passwords
manager will preferably automatically recognize the site
and the need for insertion of a user name and password
and will actually insert the user name and password in
the appropriate fields on the web page.

The passwords manager function may automatically 
fill in the requisite information upon entry of the page 
requiring the information, or may only provide the 
information upon command by the user. Preferably, the
passwords manager will automatically recognize entry into
a particular site, and automatically fill in the user
name and password fields in a fashion eliminating steps
by the user. Preferably, the user name and password are
automatically filled in the appropriate fields in a
fashion taking the user directly into the site by
requesting the subsequent web page.



Alternatively, the keylet providing the password 
manager function may directly cooperate with the web 
servlets 66 via the network 16 to facilitate the same or 
similar functionality. In this case, the web servlet 66
will be specially configured to interact with the
particular keylets to provide the functionality, instead
of the keylet taking the sole responsibility for 
detecting the web page and filling in the requisite 
information. 

Notably, the passwords are not relegated to merely
user name and password configurations; those skilled in
the art will recognize that various types of password
configurations are used for logging into web-based
services. Further, the authentication function described
above is particularly useful in combination with the
passwords manager to ensure that only authorized users
may have their user names and passwords automatically
filled in the appropriate fields when accessing a
particular web site.

The passwords manager function will preferably allow
[illegible]ng, updating, and changing passwords for any given
web page or service. Further, the passwords manager
function may be combined with other functions, for
example, upon activating a service from the launching bar
76, one or more keylets may execute to enter the web site
and automatically fill in user name and password fields.
Further, this functionality may be allowed only if the
user was properly authenticated.
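
One way the site recognition and authentication gate described above for the passwords manager could work, as an added example that is not code from the patent: credentials are released only when the page's scheme, host and port exactly match the stored entry and the user has been authenticated. The class and function names and the sample site are assumptions, and encryption of the stored entries is omitted.

```python
from urllib.parse import urlsplit

DEFAULT_PORTS = {"https": 443, "http": 80}


def origin(url):
    """Return (scheme, host, port) for an absolute URL, or None if unusable."""
    try:
        parts = urlsplit(url)
        port = parts.port              # raises ValueError on a malformed port
    except ValueError:
        return None
    scheme = parts.scheme.lower()
    host = parts.hostname              # lower-cased, user-info part removed
    if scheme not in DEFAULT_PORTS or not host:
        return None
    return (scheme, host.rstrip("."), port or DEFAULT_PORTS[scheme])


class PasswordsManager:
    """Hypothetical model of the passwords manager keylet."""

    def __init__(self):
        self._entries = {}             # origin -> (user name, password)
        self._authenticated = False

    def authenticate(self, ok):
        # Stand-in for the key's user authentication function.
        self._authenticated = bool(ok)

    def store(self, url, user, password):
        site = origin(url)
        if site is None or site[0] != "https":
            raise ValueError("credentials are only stored for https sites")
        self._entries[site] = (user, password)

    def fill(self, page_url, form_action=None):
        """Return (user, password) to insert, or None to leave the form empty.

        form_action is the absolute URL the form submits to, if known.
        """
        if not self._authenticated:
            return None                # only authorized users get auto-fill
        page = origin(page_url)
        entry = self._entries.get(page)
        if entry is None:
            return None                # site not recognised: exact match only
        if form_action is not None and origin(form_action) != page:
            return None                # form posts somewhere else
        return entry


def demo():
    # Constructed sample data.
    pm = PasswordsManager()
    pm.store("https://shop.example.com/account", "alice", "s3cret")
    locked = pm.fill("https://shop.example.com/login")
    pm.authenticate(True)
    return {
        "locked": locked,
        "exact": pm.fill("https://Shop.Example.com:443/login"),
        "lookalike": pm.fill("https://shop.example.com.other.example/login"),
        "userinfo": pm.fill("https://shop.example.com@other.example/login"),
        "downgrade": pm.fill("http://shop.example.com/login"),
        "cross_post": pm.fill("https://shop.example.com/login",
                              "https://other.example/submit"),
    }
```

Only the `exact` case returns the stored pair; the look-alike host, the user-info form of the URL, the plain-http page and the form posting to another site all leave the fields empty.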

Another issue facing users is that built-in bookmark
tools on browsers require users to classify their
bookmarks in a hierarchical structure. The hierarchy is
typically not a natural organizational method, and can
pose difficulties when the same site being bookmarked can
be associated with multiple categories. For example,
Amazon.com is a shopping site for both music and books,
and should be classified under both categories.



The present invention provides a bookmark manager
that readily allows classification of a common URL under
multiple keywords identifying categories. Further, a
graphical user interface may be provided, wherein new
categories may be added and URLs may be associated with
any number of categories. Thus, when a user selects a
certain keyword, all of the URLs associated with that
category may be displayed. A more basic function for the
bookmark manager is to simply make the various user
bookmarks available for any browsing session.

Preferably, the browser launched for the session 
will incorporate all the bookmarks and organization 
thereof from the key 10 instead of those stored on the 
host 12. If the bookmarks are changed, new bookmarks
added, or old bookmarks deleted during the session, the
key 10 will be updated so that the new configuration is
available for the user's next session on the same or
other host 12. The bookmark manager function may
cooperate with the password manager such that when a
website associated with a particular bookmark is
accessed, the user name and password are automatically
entered in the appropriate fields to quickly propel the
user into the web site associated with the bookmark.
Further, these functions may be affiliated with other
keylets, such as an authentication keylet, and may be
provided on the launching bar 76 directly or in
association with the launch button 86.

Another aspect of the present invention allows for 
efficient use and security for managing various financial
account numbers used online. According to a study by
Visa, approximately 27% of online shoppers leave their
shopping carts behind at the stage when they are asked to
fill out a form with credit card and shipping
information. Users have security concerns and limited
patience for filling out long payment and shipping forms.
The present invention includes aspects that allow users
to store in the key 10 information for one or more
financial accounts, such as credit and debit card account
numbers, billing addresses, and multiple shipping
destination addresses. Preferably, this information is
encrypted and protected in the user's key 10.

When the user needs to fill out payment and shipping
forms at an e-commerce site, the key 10 will authenticate,
or will already have authenticated, the user as described
above, and the user will be prompted via a graphical user
interface to select a particular account number, and
perhaps shipping and billing addresses, to use. A credit
card manager function will then decrypt the information
and fill out the appropriate fields in the web page, or
alternatively, send the encrypted information directly to
an e-commerce site for bill processing. In the latter
case, the particular keylet providing the function may
cooperate with a web servlet 66 specially configured to
interact with the keylet to provide processing of the
account information, and perhaps, decryption of the
encrypted information. Preferably, the keylet or keylets
providing the account manager are compatible with the
electronic commerce modeling language (ECML) standard.
The keylet may allow the user to paste entries into
non-ECML fields by a menu of buttons that correspond to
the full repertoire defined by the ECML standard.

Preferably, the keylet will allow users to keep 
track of various account numbers and any associated 
security for a variety of accounts. Passwords for the 
accounts and the like may also be stored and
automatically used during this transaction directly in
association with a function or in combination with other
functions provided in the same or other keylets. In
essence, the account manager will manage multiple
financial accounts, facilitate filling in forms for
checkout, and aid in providing a secure transaction for
the user in a fast and efficient manner.



Another function of the present invention capable of
enhancing user convenience as well as facilitating
e-commerce is the portable shopping cart function. The
portable shopping cart function provides a shopping cart
available for one or more e-commerce sites, wherein the
shopping cart is actually kept on the key 10 between
shopping sessions. Information relating to products
selected to place in a shopping cart for one or more
sites is kept on the key 10, wherein when the user
revisits a site, the shopping cart is available. The
shopping cart may be site-specific wherein items placed
in a cart for a particular site are only available for
that particular site.

Alternatively, the shopping cart may be configured
to work with multiple e-commerce sites. For example,
basic product information from Amazon.com, Borders.com,
and BarnesandNoble.com may be used to identify one or
more items, wherein items selected to place in a shopping
cart at one site may be available for comparison or
purchase via another site. The products may be
identified in the shopping cart based on proprietary item
numbers, universal product codes (UPCs), or sufficiently
descriptive information, such as the title in combination
with the artist or author.

In general, the keylets will be configured to
interact with a web page and act as the shopping cart for
the site or otherwise interact with the shopping cart to
automatically provide or receive information therefrom.
The interaction depends on whether the user is bringing a
shopping cart with items to a site or leaving a site with
items yet to be purchased. As with the above, the
shopping cart function may be combined with any of the
various functions. For example, if the user is shopping
online, one or more keylets may be configured to provide
a shopping cart for the products to purchase, fill in an
account number, and provide passwords for the account.
the shopping cart, and online retailer. The shopping
cart may be updated during shopping and used to store 
products between shopping sessions. Further, the user 
may be authenticated as described above before allowing 
any interaction. 

An expansion of these concepts can be applied to 
marketing between brick-and-mortar stores and online 
shopping sites. Cross-promotion selling is provided by
allowing a user to gather information from a
brick-and-mortar computer terminal or other host 12 and use the
information online, and vice versa. As such, online 
retailers can encourage users to visit the corresponding 
brick-and-mortar stores, while traditional retailers can 
encourage users to visit certain online sites. All of 
these functions may be provided with varying levels of 
security, compression, and encryption. 

Additional functions may allow the storage and protection
of unique coupons and tokens on the key 10. The coupons
may have a time expiration, number of uses, or a
transferability [illegible] enhance marketing. The coupons
may be used in conjunction with any of the functions
[illegible] to facilitate shopping and e-commerce.

A content push service is preferably used to fill 
the markup language area 80 of the launching bar 76. As 
illustrated in Figure 7, a keylet running on the host 12 
will cooperate with a servlet running on the server 14 to 
automatically load content in the markup language area 
80. Preferably, web-based input 94 is provided to a 
content push service 96 associated with a push servlet 98 
running on the server 14. The push servlet 98 is 
preferably a web servlet 66 as previously described in 
Figure 4. The push servlet 98 will cooperate with a push 
keylet 100 being executed on the host 12. The push 
keylet 100 may be a web keylet 56 as illustrated in 
Figure 4. The push servlet 98 and push keylet 100 will 
cooperate to push the content of a markup language file
102 to the markup language area 80 of the launching bar
76. As illustrated, the markup language file 102, as
with most of the files processed in association with the
key 10, is preferably encrypted for enhanced security.

Using the content push service 96 allows the markup
language area 80 of the launching bar 76 to be updated
using different types of content. However, the content
is provided by a specified source associated with the key
10 in lieu of the content simply being associated with
whatever web page is being viewed by the user.

Since the present invention provides numerous 
possible functions and combinations thereof, the 
preferred embodiment of the present invention uses the 
key manager 58 (as shown in Figure 4) to manage the
interaction and overall relationship between the various
keylets providing their respective functions. Thus, it
is important for the key manager 58 to provide sufficient
facilities for seamless interoperation among keylets.
For example, a bookmark manager will typically
integrate with password manager functionality so that
when a user gets to a page through the bookmark manager,
the password manager will automatically be invoked to
provide the proper password for the bookmarked page.
Some of the functions provided by the key manager 58
facilitate installation and use of various encryption
certificates for use with one or more keylets and files
associated therewith. Further, the key manager 58 may
facilitate the updating of software on the key 10 as well
as facilitate backup of information to a certain
computer, which will be discussed in greater detail
below.

The key manager 58 may act as a central authority 
for registration of services and permissions associated 
with various keylets. For example, when a keylet is 
installed on the key 10, it may register its data file
and specify its default read or write permissions by
defined application class or by specific application.
Continuing with our example, a bookmark manager will
typically want to expose the bookmarks to other
applications with read permission only. This will allow
a password manager to identify the web site being
accessed and offer password services to the user.
Although a key manager 58 is not necessary for various
aspects of the present invention, the use of a key
manager 58 in embodiments incorporating multiple keylets
requiring interaction with one another is preferred.

The key manager 58 in the preferred embodiment
provides the following functionality.

File System Integrity
When the key 10 is disengaged from the host system
without going through a normal termination process, files
may be corrupted. For that purpose, the key manager 58
will provide a mechanism that will monitor the integrity
of the data files and restore the latest state before
corruption occurred.

Data File Encryption/Decryption
The keylets may need encryption and/or decryption
services to access data files. The key manager 58 will
facilitate encryption and decryption as necessary for
interoperation and access to the data files.

Access Permissions
As noted, the key manager 58 will preferably
facilitate seamless interoperation among keylets. The
keylets will preferably register with the key manager 58
when they are first installed on the key 10. When
registering, the keylets will provide access permission
information about the data files with which they are
associated. For example, access permissions may include
read/write, read only, or match only, based on the class
and security level of the keylets, as defined below.

Insertion/Deinsertion Management
The key manager 58 may provide termination for the
key 10, based on either a time limit expiring, a user
clicking on the end button 84 of the launching bar 76, or
a user failing to provide the correct name and password
during an authentication routine.

User Authentication
As mentioned above, a user may be required to
provide a correct name and password for authentication.
If a faulty authentication is provided, the key manager
58 may provide further questions to prevent fraudulent
use of the key 10. Further, the key manager 58 may keep
a log of these uses for historical purposes.

Password Assistance
Once authentication is provided, the key manager 58
may provide help with changing passwords, if desired by
the user or required by the expiration of a current
password.
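
An added example (not code from the patent) of the registration and access permission checks described above for the key manager 58: each keylet registers its data file once with permissions by application class or by specific application, and every other caller is denied by default. The class, keylet and file names are assumptions, as is the meaning given to "match only" (a caller may test whether a value is present but may not list the file).

```python
from enum import IntEnum


class Access(IntEnum):
    NONE = 0
    MATCH_ONLY = 1   # assumption: may test for a value, never list the file
    READ_ONLY = 2
    READ_WRITE = 3


class KeyManager:
    """Hypothetical registry of keylet data files and their permissions."""

    def __init__(self):
        self._files = {}

    def register(self, owner, name, records, by_class=None, by_app=None):
        # Called once, when the keylet is first installed on the key.
        if name in self._files:
            raise ValueError(f"data file {name!r} is already registered")
        self._files[name] = {"owner": owner, "records": set(records),
                             "by_class": dict(by_class or {}),
                             "by_app": dict(by_app or {})}

    def access(self, name, app, app_class):
        f = self._files[name]
        if app == f["owner"]:
            return Access.READ_WRITE
        if app in f["by_app"]:          # a specific application entry wins
            return f["by_app"][app]
        return f["by_class"].get(app_class, Access.NONE)   # default deny

    def _require(self, name, app, app_class, needed):
        granted = self.access(name, app, app_class)
        if granted < needed:
            raise PermissionError(
                f"{app} has {granted.name} on {name}, needs {needed.name}")
        return self._files[name]["records"]

    def read(self, name, app, app_class):
        return frozenset(self._require(name, app, app_class, Access.READ_ONLY))

    def matches(self, name, app, app_class, value):
        return value in self._require(name, app, app_class, Access.MATCH_ONLY)

    def write(self, name, app, app_class, value):
        self._require(name, app, app_class, Access.READ_WRITE).add(value)


def demo():
    km = KeyManager()
    # Constructed data: bookmarks are exposed read-only to the "manager"
    # class; the password keylet's site list is match-only, and one named
    # keylet ("cart") is excluded explicitly.
    km.register("bookmarks", "bookmarks.dat", {"https://shop.example.com/"},
                by_class={"manager": Access.READ_ONLY})
    km.register("passwords", "sites.dat", {"shop.example.com"},
                by_class={"manager": Access.MATCH_ONLY},
                by_app={"cart": Access.NONE})
    out = {
        "pm_reads_bookmarks": sorted(km.read("bookmarks.dat", "passwords", "manager")),
        "bm_matches_site": km.matches("sites.dat", "bookmarks", "manager",
                                      "shop.example.com"),
    }
    attempts = {
        "pm_writes_bookmarks": lambda: km.write("bookmarks.dat", "passwords", "manager", "x"),
        "bm_reads_sites": lambda: km.read("sites.dat", "bookmarks", "manager"),
        "cart_matches_sites": lambda: km.matches("sites.dat", "cart", "manager", "x"),
        "unknown_reads": lambda: km.read("bookmarks.dat", "game", "unclassified"),
    }
    for label, call in attempts.items():
        try:
            call()
            out[label] = "allowed"
        except PermissionError:
            out[label] = "denied"
    return out
```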

The present invention provides the opportunity for
multiple levels of security and use with hosts 12 having
various degrees of trustworthiness. As an example, the
preferred embodiment of the present invention provides
for three types of host systems: home systems, trusted
systems, and public systems. These definitions are based
on the user's level of trust as far as how much data, if
any, is allowed to be exposed on any particular system.
The table below shows the types of applications
recommended (X) and possible with an override (U) with
respect to each type of system. The user has the ability
to declare which systems are trusted systems and public
systems, while home systems are determined by the
installation of initialization software. A single key 10
may be used with any number of systems and recognize the
different types accordingly.



Service                                    Home     Trusted   Public
                                           System   System    Systems

Generation of Public Key Pair              X
Acquisition of X.509 Certificate           X
Set Up User's Authentication Information   X
Backup to HDD                              X        U
Software Installations                     X        U
Software Upgrades                          X        U         U
Cache Browser on HDD                       X        X
Backup to Web-based Service                X        X         X



The home system is defined as that which provides
for the initialization of the key. When a user receives
the key 10, she may install initialization software on a
host 12, such as a personal computer (PC). This software
may be initially contained within or separate from the
key 10 itself. Then, the key 10 must be initialized.
Performing the initialization will include the following
steps:

• Setting up the user's authentication information;

• Generating a public key pair that will reside on the
key 10; and

• Acquiring encryption certificates that will reside
on the key 10.

In addition to initializing the key 10, the software is
capable of performing backups to the hard disk drive of
the PC and performing software installations and
upgrades.

Typically, the home system used for initialization 
will be the user's "private" system, such as that used at
home or at the office and protected with a password. The
software of the present invention will provide means to
protect private or confidential information contained on
the home system. Importantly, multiple PCs may be used
as home systems.

Trusted systems are systems like office PCs or other 
PCs that are not likely to be intentionally inspected. 
The first time the key 10 interacts with a host 12, the
key 10 will search the system for a registry entry to
determine its type. If no type is found, a keylet will
execute and generate a prompt to the user asking the type
of system. At that point, the user may choose to label
the system a trusted system, indicating that a privacy
risk is acceptable in order to obtain certain benefits.
The limited memory capacity on the key 10 may prevent it
from storing browser cache. As such, trusted systems may
allow the key to keep browser cache on the hard disk
drive.

Public systems are assumed to be non-trusted systems
where additional security and privacy measures are
necessary, such as kiosks in public shopping areas,
automated teller machines (ATMs), PCs not belonging to
the user, and the like.

In addition to optionally categorizing host systems,
various security levels for the individual keylets may be
defined. For example, keylets may be defined as having
either level 1 or level 2 security. As such, level 1
security may correspond to those keylets requiring higher
levels of security or privacy, such as those containing
transactional information or passwords. As such, the
corresponding keylets may only store data on the key 10
and only back up the information to web-based services
through secure interaction. For level 2-based keylets,
less security may be mandated. A bookmark manager
function may fall in this category, wherein the
corresponding keylet may store the data on the key 10 or
other web-mapped drives.

Regardless of the class and security level, keylets
may be configured to encrypt and decrypt data files, or
reserve this functionality for the key manager 58. To
enhance security, keylets may be configured to be started
only through the software of the present invention, and
updated using only a home system.

The keys 10 may have various combinations of memory
and interface types. The memory types may include:
flash memory with hard disk drive emulation; SRAM-based,
typically with hard disk drive emulation and a battery
backup; internally mapped device memory; or memory, such
as that used in a smart card, which does not require or
use hard disk drive emulation. The interfaces may
include those standard for personal computers, such as
the universal serial bus (USB), IEEE 1392, etc., or
wireless interfaces, such as that provided by Bluetooth,
IEEE 802.11, and the like.

Regardless of the type of memory and interface, the 
keys 10 will be able to interface to the hosting computer 
where keylets can execute, and emulate the file systems 
of the hosting computer and store data files and keylets.
In addition to computers, personal digital assistants
(PDAs), and mobile telephones, hosts 12 may also include
various types of kiosks, such as automated teller
machines (ATMs) and the like. Keys 10 may emulate
various types of Windows- and UNIX-based systems and the
like.



